aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorRedMatrix <info@friendica.com>2014-04-11 11:23:13 +1000
committerRedMatrix <info@friendica.com>2014-04-11 11:23:13 +1000
commitfeb3a8162318ac57c8b34a25a8b14293bd6405bf (patch)
tree72ba0a0030ed8ec18e03d09c948536452fa7be00
parent9bb7811d741339404ea6b372363c805d41a84794 (diff)
parentf16fc1eb4f82760a516dcf5e49257036f2c01aca (diff)
downloadvolse-hubzilla-feb3a8162318ac57c8b34a25a8b14293bd6405bf.tar.gz
volse-hubzilla-feb3a8162318ac57c8b34a25a8b14293bd6405bf.tar.bz2
volse-hubzilla-feb3a8162318ac57c8b34a25a8b14293bd6405bf.zip
Merge pull request #402 from sasiflo/master
Added info about SSL certificates
-rw-r--r--doc/Install.md8
-rw-r--r--install/INSTALL.txt18
-rwxr-xr-xmod/setup.php9
3 files changed, 32 insertions, 3 deletions
diff --git a/doc/Install.md b/doc/Install.md
index 2df82b181..8adfe3ccd 100644
--- a/doc/Install.md
+++ b/doc/Install.md
@@ -6,7 +6,13 @@ Red should run on commodity hosting platforms - such as those used to host Wordp
Also if you encounter installation issues, please let us know via the Github issue tracker (https://github.com/friendica/red/issues). Please be as clear as you can about your operating environment and provide as much detail as possible about any error messages you may see, so that we can prevent it from happening in the future. Due to the large variety of operating systems and PHP platforms in existence we may have only limited ability to debug your PHP installation or acquire any missing modules - but we will do our best to solve any general code issues.
-Before you begin: Choose a domain name or subdomain name for your server.
+Before you begin: Choose a domain name or subdomain name for your server. Put some thought into this - because changing it is currently not-supported. Things will break, and some of your friends may have difficulty communicating with you. We plan to address this limitation in a future release.
+
+Decide if you will use SSL and obtain an SSL certificate before software installation. You SHOULD use SSL. If you use SSL, you MUST use a "browser-valid" certificate. You MUST NOT use self-signed certificates!
+
+Please test your certificate prior to installation. A web tool for testing your certificate is available at "http://www.digicert.com/help/". When visiting your site for the first time, please use the SSL ("https://") URL if SSL is available. This will avoid problems later. The installation routine will not allow you to use a non browser-valid certificate.
+
+This restriction is incorporated because public posts from you may for example contain references to images on your own hub. If your certificate is not known by the internet browser of users they get a warning message complaining about some security issues. Although these complains are not the real truth - there are no security issues with your encryption! - the users may be confused, nerved or even worse may become scared about Red Matrix having security issues. Use one of the free certification instances!
1. Requirements
- Apache with mod-rewrite enabled and "Options All" so you can use a
diff --git a/install/INSTALL.txt b/install/INSTALL.txt
index 65efa9cfe..c23cf740e 100644
--- a/install/INSTALL.txt
+++ b/install/INSTALL.txt
@@ -33,7 +33,23 @@ Put some thought into this - because changing it is currently not-supported.
Things will break, and some of your friends may have difficulty communicating
with you. We plan to address this limitation in a future release.
-Decide if you will use SSL and obtain an SSL cert before software installation. You SHOULD use SSL. If you use SSL, you MUST use a "browser-valid" certificate. Please test your certificate prior to installation. A web tool for testing your certificate is available at "http://www.digicert.com/help/". When visiting your site for the first time, please use the SSL ("https://") URL if SSL is available. This will avoid problems later.
+Decide if you will use SSL and obtain an SSL certificate before software
+installation. You SHOULD use SSL. If you use SSL, you MUST use a
+"browser-valid" certificate. You MUST NOT use self-signed certificates!
+
+Please test your certificate prior to installation. A web tool for testing your
+certificate is available at "http://www.digicert.com/help/". When visiting your
+site for the first time, please use the SSL ("https://") URL if SSL is
+available. This will avoid problems later. The installation routine will not
+allow you to use a non browser-valid certificate.
+
+This restriction is incorporated because public posts from you may for example
+contain references to images on your own hub. If your certificate is not known
+by the internet browser of users they get a warning message complaining about
+some security issues. Although these complains are not the real truth - there
+are no security issues with your encryption! - the users may be confused,
+nerved or even worse may become scared about Red Matrix having security issues.
+Use one of the free certification instances!
1. Requirements
diff --git a/mod/setup.php b/mod/setup.php
index 02c2268ce..07ad34ac5 100755
--- a/mod/setup.php
+++ b/mod/setup.php
@@ -551,7 +551,14 @@ function check_htaccess(&$checks) {
if(strstr($a->get_baseurl(),'https://')) {
$test = z_fetch_url($a->get_baseurl() . "/setup/testrewrite",false,0,array('novalidate' => true));
if($test['success']) {
- check_add($checks, t('SSL certificate validation'),false,true, t('SSL certificate cannot be validated. Fix certificate or disable https access to this site.'));
+ $help = t('SSL certificate cannot be validated. Fix certificate or disable https access to this site.') . EOL;
+ $help .= t('If you use https access, you MUST use a certification instance known by all internet browsers. You MUST NOT use self-signed certificates!') . EOL;
+ $help .= t('This restriction is incorporated because public posts from you may for example contain references to images on your own hub. If your') . EOL;
+ $help .= t('certificate is not known by the internet browser of users they get a warning message complaining about some security issues. Although') . EOL;
+ $help .= t('these complains are not the real truth - there are no security issues with your encryption! - the users may be confused, nerved or even') .EOL;
+ $help .= t('worse may become scared about redmatrix having security issues. Use one of the free certification instances!') . EOL;
+
+ check_add($checks, t('SSL certificate validation'),false,true, $help);
}
}
}